Search RPD Archives
[AfriNIC-rpd] abuse contact information in whois database (AFPUB-2010-GEN-002)
SM
sm at resistor.net
Wed Jun 16 20:53:15 UTC 2010
Hi Tobias,
At 11:32 16-06-10, Tobias Knecht wrote:
>What about a mandatory abuse contact object and a DNS based list?
It all depends how "mandatory" is acted on outside the context of
this policy proposal. I'll stay out of this for now.
A DNS based list is a hack. I doubt such a specification will be
standardized. Does any RIR serve the data through DNS?
>If the RIR is offering this service, why should it be mined. It would be
>much easier to generate a daily rbldnsd file and offer it that way, than
>offering bulk data and or an abuse finder API like RIPE is doing at the
>moment.
You'll have to offer two or three formats instead of one for rbldnsd
only. The world seems to like Web services such as REST these
days. It still make sense to have bulk data access if you are
offering services that depend on this data.
>To be honest, FBLs are not. FBLs are nice to tell a marketing company
>they should unsubscribe the users, but the false positves rate is way to
Receivers of these abuse reports will face the same problem with
false positives.
>high. Reports from Honeypots, real spamtrap hits, ssh attacks, sql
>injection tries, phishing websites are much more reliable than a FBL
>could ever be. Our customers do not even order FBLs for exactly the
>false positives problem.
You still need FBLs for IODEF and MARF or else it is like sending
reports into the night. Some ISPs within the AfriNIC regions do
respond quickly to reports even if it isn't from a FBL.
>By the way, last week on huge anti spam summit in Barcelona, the biggest
>issue was a to find a solution against outgoing spam and almost every
That's the body that has port 25 blocking as a best practice. :-)
>ISP was agreeing, that automatic abuse handling and direct escalation
>would be the best way to get things done.
And that's why they would like the format to be standardized.
>The more complaints you are receiving the easier it is to handle things
>automatically. And the only thing you have to do at the end, decide
>which reporter is how trustworthy and not clicking through a ticket
>system all day long.
And that's why this proposal is part of a picture. It's much more
work to automate if you don't have standardized formats and protocols
to feed into your ticketing system.
Regards,
-sm
More information about the RPD
mailing list